1. Field of the Application
Generally, this application relates to smart card technology. More specifically, it relates to a systems and methods for smart card implementation of key encryption key—key transformation unit (“K2KTU”).
2. Description of the Related Art
Integrated circuit (“IC”) cards are becoming increasingly used for many different purposes in the world today. Typically, an IC card (also referred to herein as a smart card) is the size of a conventional credit card or debit card and contains one or more integrated circuits, which can be in the form of one or more computer chips, including, for example, a processing element, a read-only-memory (ROM) element, an electrically erasable programmable read only-memory (EEPROM) element, an input/output (I/O) mechanism and other circuitry as may be required to support the smart card in its operations. In addition to its native operating system, an IC card may contain a single application (e.g., a debit or credit application, a purse or electronic money application, an affinity or loyalty program application, and the like) or it may contain multiple independent applications in its memory. MULTOS™ is one example of an operating system that runs on smart cards, as well as other platforms, and allows multiple independent applications to be executed on a smart card. This allows a card user to run one or more of the multiple programs stored on the card regardless of the type of terminal (e.g., an ATM, an airport kiosk, a telephone, a point of sale (POS) device, and the like) into which the card may be inserted or swiped for use.
A conventional single application IC card, such as a telephone card or an electronic cash card, is loaded with a single application at its personalization stage. Typically, that single application cannot be modified or changed after the card is issued even if the modification is desired by the card user or card issuer. Moreover, if a card user wanted a variety of application functions to be performed, such as both an electronic purse and a credit/debit function, the card user would be required to carry multiple physical single application cards on his or her person, which would be quite cumbersome and inconvenient. Further, if an application developer or card user desired two different applications to interact or exchange data with each other, such as a purse application interacting with a frequent flyer loyalty application, the card user would be forced to swap multiple single application cards in and out of the card-receiving terminal, making the transaction difficult, lengthy and inconvenient.
Therefore, it would be beneficial to have the ability store multiple applications on the same IC card. For example, a card user may have both a purse application and a credit/debit application on the same card so that the user could select which type of payment (i.e., by electronic cash or credit card) to use when making a purchase. It would be further beneficial to provide multiple applications to an IC card, where sufficient memory existed and in which an operating system capable of supporting multiple applications was present on the card. Although multiple applications could be pre-selected and placed in the memory of the card during its production stage, it would also be beneficial to have the ability to load and delete applications for the card post-production as needed.
The increased flexibility and power of storing multiple applications on a single card create new challenges to be overcome concerning the integrity and security of the information (including application code and associated data) exchanged between the individual card and the application provider, as well as within the entire system when loading and deleting applications and associated data. It would be beneficial to have the capability in the IC card system to exchange data among cards, card issuers, system operators and application providers securely and to load and delete applications securely at any time from either a terminal or remotely over a telephone line, Internet or intranet connection or other wired or wireless data conduit. Because these data transmission lines are not typically secure lines, a number of security and entity-authentication techniques must be implemented to make sure that applications being sent over the transmission lines are only loaded on the intended cards.
However, typical processes used in the art today for securely transmitting data and/or applications to an IC card do not handle batch loading of the data and/or applications well because the information is targeted to an individual IC card using that IC card's public card. If a transmitting entity were desirous of populating multiple IC cards with the same data and/or application, an encrypted set of data would have to be created for each IC card separately. One example of this typical process is illustrated in commonly-owned U.S. Pat. No. 6,230,267, which is also fully incorporated herein for all purposes. Another example is illustrated in commonly-owned U.S. Pat. No. 6,632,888, which is also fully incorporated herein for all purposes.
FIG. 1 illustrates an example of a typical, secure application load process used in conjunction with the MULTOS™ IC card system. As shown in FIG. 1, an application load unit prime 10 is created to include an encrypted application load unit 100 using the application provider secret key (“AP_SK”) 11 in combination with a key transformation unit (“KTU”) prime 102. Typically the KTU prime 102 is created by performing a triple DES operation (i.e., key-encryption-key, key encryption key (“KEK”), operation) on the standard KTU using a transport key. The application load unit prime is then transmitted via typical methods to be loaded onto an IC card 18. However, prior to loading, the KTU prime 102 must be translated (i.e., decrypted) at 152 back to the regular KTU 154. This operation requires that a hardware security module (“HSM”) 15 be located locally at the personalization bureau. The HSM 15 communicates securely with the application provider to perform a secure key ceremony 14 whereby the KEK 12, 12′ transport key is exchanged. Once the HSM 15 has the transport key 12, it can translate the KTU prime 102 back to the regular KTU 154. Then, the regular application load unit can be used load the application to the target card.
However, typical processes used in the art today for securely transmitting data and/or applications to an IC card do not handle batch loading of the data and/or applications well because the information is targeted to an individual IC card using that IC card's public card. If a transmitting entity were desirous of populating multiple IC cards with the same data and/or application, an encrypted set of data would have to be created for each IC card separately. One example of this typical process is illustrated in commonly-owned U.S. Pat. No. 6,230,267, which is also fully incorporated herein for all purposes. Another example is illustrated in commonly-owned U.S. patent application Ser. No. 09/932,013, issued as U.S. Pat. No. 7,469,339, which is also fully incorporated herein for all purposes.